
Welcome to ISAserver.org


FWX_E_GRACEFUL_SHUTDOWN

FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 9:51:42 AM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
When I try to connect to an application that requires LDAP (389)

in the logging I got a line saying

ERROR_SUCCESS

on the second line I got
closed connection
FWX_E_GRACEFUL_SHUTDOWN

How can I resolve it?
Post #: 1
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:24:14 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
There is nothing to solve

1. It was a success
2. It shut down gracefully


_____________________________

Phillip Windell

(in reply to tibob)
Post #: 2
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:29:31 AM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
Why did it shut down?

(in reply to pwindell)
Post #: 3
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:35:17 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Because it thought it was supposed to,...that it was time to shutdown,...it was "finished".   Probably because the Application that owned the session said,.."Ok,..I'm done,..good bye".

There is nothing more that can be said with the information that has been given.

_____________________________

Phillip Windell

(in reply to tibob)
Post #: 4
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:46:43 AM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
Is there a way to find out why it is disconnecting? When it passes outside the ISA server it works, but when it passes through the ISA server I get this error.

(in reply to pwindell)
Post #: 5
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 10:49:29 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
We don't know what "it" is and have no idea what you are doing.  You need to be more specific.

_____________________________

Phillip Windell

(in reply to tibob)
Post #: 6
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:01:21 AM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
It's a desktop application called Entrust which calls a web browser. When the web browser shows up it makes the connection to the Government of Canada import export permit website.

For that I need to open some ports to make it work.

Like I said before, without the ISA server it works; with the ISA server it doesn't work.

I'm wondering if there is a way to know what differs between these two modes that makes the connection close.

(in reply to pwindell)
Post #: 7
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:11:28 AM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
Here is what they are asking for:

Firewall/Proxy ports – open to new Entrust Certificate Authority URLs:
Authority=ca-ac.gss-spg.gc.ca+829             
Manager=ca-ac.gss-spg.gc.ca+709
Server=ldap.gss-spg.gc.ca+389

(in reply to tibob)
Post #: 8
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:11:35 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
It probably won't work over a rule that requires authentication, so make it an "All Users" Rule.

Make sure the Firewall Client is installed on the EnTrust machine so it can handle LDAP.  It may also work as a SecureNAT Client instead of having the Firewall Client.  The point is that LDAP will not work with a Web Proxy "only" Client.

Create a Computer Object or a Computer Set that represents or contains the Server that runs EnTrust.

Create a Computer Object or Computer Set that represents or contains the Destination Computers (or IP Range, or subnet).

Then the Rule would look like this:

From: <source computer object>
To: <destination computer object>
Protocol: HTTP, HTTPS, LDAP (not LDAP Server)
Users: All Users

Place this Rule "above" any other Rule using HTTP, HTTPS, LDAP that requires user authentication.


In the Monitoring Log set the filter to only show traffic from the EnTrust Computer IP#.  Watch for problems in the logs.

_____________________________

Phillip Windell

(in reply to tibob)
Post #: 9
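The rule proposed in the post above can be checked against the three vendor lines from post 8 before going to the log. This is an added example, not part of the thread: it assumes each vendor line reads `name=host+port` with a TCP port, and that the rule's HTTP, HTTPS and LDAP protocols use their standard ports; the function names are hypothetical.

```python
"""Added example (not from the thread): compare vendor endpoints with a rule's ports."""

# The three lines as posted in the thread.
VENDOR_LINES = """\
Authority=ca-ac.gss-spg.gc.ca+829
Manager=ca-ac.gss-spg.gc.ca+709
Server=ldap.gss-spg.gc.ca+389
"""

# Assumption: the protocols named in the proposed rule use their standard TCP ports.
RULE_PROTOCOLS = {"HTTP": 80, "HTTPS": 443, "LDAP": 389}


def parse_endpoints(text):
    """Return (name, host, port) tuples. Assumes 'name=host+port' with a TCP port."""
    endpoints = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, eq, value = line.partition("=")
        host, plus, port = value.strip().rpartition("+")
        if not (eq and plus and host and port.isdigit()):
            raise ValueError(f"unrecognised line: {raw!r}")
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"port out of range: {raw!r}")
        endpoints.append((name.strip(), host, int(port)))
    return endpoints


def uncovered(endpoints, protocols):
    """Endpoints whose port is not among the ports the rule allows."""
    allowed = set(protocols.values())
    return [e for e in endpoints if e[2] not in allowed]


if __name__ == "__main__":
    for name, host, port in uncovered(parse_endpoints(VENDOR_LINES), RULE_PROTOCOLS):
        print(f"{name}: {host} tcp/{port} is not matched by the rule's protocols")
```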
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:13:24 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Authority=ca-ac.gss-spg.gc.ca+829             
Manager=ca-ac.gss-spg.gc.ca+709
Server=ldap.gss-spg.gc.ca+389


Have no idea what that means.


_____________________________

Phillip Windell

(in reply to tibob)
Post #: 10
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 11:55:24 AM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
I did what you said and it doesn't work.

(in reply to pwindell)
Post #: 11
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 1:17:14 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
You have to use the MonitoringLog as I described to troubleshoot.


_____________________________

Phillip Windell

(in reply to tibob)
Post #: 12
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 2:09:32 PM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
Yes, but I was just able to reach someone from the software (I was lucky)
and he told me that Entrust modifies the packet and ISA rejects this packet because of that.

So I'm waiting for an answer from him.

I hope it will work.

Thanks for your help.

(in reply to pwindell)
Post #: 13
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 3:18:18 PM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
Here is what I got:

He told me, you must configure ISA Server to not filter out EntrustId of the incoming packets.

How can I do that?

(in reply to tibob)
Post #: 14
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 3:39:53 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
I think he is wrong.
What does "filter out EntrustId of the incoming packets"  even mean? What? Where? How?
You have to use the MonitoringLog as I described to troubleshoot.

_____________________________

Phillip Windell

(in reply to tibob)
Post #: 15
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 3:53:48 PM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
He told me that ISA Server is removing the Entrust ID from the incoming packet from the web server to my computer; that's why I get security error missing token data.

He told me that I'm not the first one and you have to do that.

You must specify ISA Server to not remove the Entrust ID.

What does it mean? I don't know :)

(in reply to pwindell)
Post #: 16
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 3:58:12 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
Ok, well wait and see if any others here have any ideas. 
I would not have any idea.

_____________________________

Phillip Windell

(in reply to tibob)
Post #: 17
RE: FWX_E_GRACEFUL_SHUTDOWN - 17.Jun.2008 4:03:34 PM   
tibob

 

Posts: 22
Joined: 19.Dec.2007
Status: offline
Is there a way to check the packets?

(in reply to pwindell)
Post #: 18
RE: FWX_E_GRACEFUL_SHUTDOWN - 18.Jun.2008 10:05:47 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

If he said you're not the first one, ask him what the others did to solve this issue. Did you try to google around?
You can check these packets using a net cap, like Wireshark.

Regards,
Paulo Oliveira.

(in reply to tibob)
Post #: 19
RE: FWX_E_GRACEFUL_SHUTDOWN - 18.Jun.2008 10:21:41 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
My thoughts exactly.

The Tech should have documented what had to be done with the "others" so then when the next one came along he would have an answer for them.  That's what a tech support person is supposed to do when they support their products.


_____________________________

Phillip Windell

(in reply to paulo.oliveira)
Post #: 20
